# frozen_string_literal: false

<%= lines(autogen_notice(:ruby,pwd)) -%>
require 'gcp_backend'
require 'google/iam/property/iam_policy_bindings'

# A provider to manage <%= @api.display_name -%> IAM Binding resources.
class <%= object.name -%>IamBinding < GcpResourceBase
  name '<%= resource_name(object, product) -%>_iam_binding'
  desc '<%= object.name -%> Iam Binding'
  supports platform: 'gcp'

  attr_reader :params

  attr_reader :condition

  def initialize(params)
    super(params.merge({ use_http_transport: true }))
    raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
    @params = params
    @fetched = @connection.fetch(product_url, resource_base_url, params, '<%= object.iam_policy.fetch_iam_policy_verb.capitalize -%>'<% if object.iam_policy.iam_conditions_request_type == :REQUEST_BODY -%>, { 'options' => { 'requestedPolicyVersion' => 3 } }.to_json<% end -%>)
    parse unless @fetched.nil?
  end

  def parse
    @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
    @bindings.each do |binding|
      next if binding.role != params[:role]
      if params[:condition]
        # Control defines a condition, match via this condition
        condition = params[:condition]
        if condition[:title] && condition[:title] != binding&.condition&.title
          next
        end
        if condition[:description] && condition[:description] != binding&.condition&.description
          next
        end
        if condition[:expression] && condition[:expression] != binding&.condition&.expression
          next
        end
      else
        # No condition defined in control, skip any binding with a condition
        next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
      end
      @members_list = binding.members
      @condition = binding.condition
      @iam_binding_exists = true
    end
  end

  def exists?
    @iam_binding_exists
  end

  def members
    @members_list
  end

<%
individual_url = object.iam_policy.base_url || object.self_link || object.base_url + '/{{name}}' 
identifiers = extract_identifiers(individual_url)
-%>
  def to_s
    "<%= object.name -%> IamBinding #{@params[:<%= identifiers.last.underscore -%>]} Role: #{@params[:role]}"
  end

  private

  def product_url
    '<%= object.product_url || object.__product.base_url %>'
  end

<%
# snake_case all identifiers in the URL
identifiers.each do |identifier|
  individual_url = individual_url.gsub("{{#{identifier}}}", "{{#{identifier.underscore}}}")
end
-%>
  def resource_base_url
    '<%= individual_url -%><%= object.iam_policy.method_name_separator -%><%= object.iam_policy.fetch_iam_policy_method -%>'
  end
end
